Forget about Google collecting all your data. We already know that the tech-giant knows what you had for dinner last night and that your dog has got fleas.
A more pressing question is how safe are you when using an app store? The nature of modern smartphones means the app store is one of a very small group of apps that is certain to be used by all owners of a phone, regardless of what else is on their device.
As such, that makes it a very attractive resource, both for organisations and companies, and for criminals and hackers.
The NSA and the Google Play Store
What happens when the company is also the hacker?
News recently broke about how the NSA intended to use Google’s app store for its own nefarious purposes.
Last week, a “top secret” document obtained by CBC News in Canada revealed that the NSA and its international partners were supposedly working on ways to exploit smartphone technology for surveillance. The concept revolved around how a project named “IRRITANT HORN” would send malicious “implants” to targeted devices via an app store.
They planned to do this by targeting servers that are used by smartphones whenever someone downloads or updates an app from the Google Play store. These servers see massive amounts of data flowing through them from millions of smartphones all around the world. The security agencies hoped to match this data to information obtained from email records, chats, and browsing histories in order to build up a database of about people’s Internet use.
Once this database was built up, the document claims they wanted to implant spyware on certain smartphones to take control of the device and extract details from it.
Apparently the Samsung store was also targeted, although neither company has yet commented on the allegations publically.
Security vs Privacy – The Debate
Unsurprisingly, the news has kicked off another round of debate over which is more important – national security or user privacy.
Proponents of the NSA say that its work is directly responsible for protecting millions of people around the world on a daily basis from extremists and terrorists. Its critics says it goes too far and it’s an incursion into the basic human right of privacy. As ever, the truth is probably somewhere in the middle.
Is the NSA having the ability to hack app stores a good thing? Should they harbour vulnerabilities and actively try to break security as much as they do, and most importantly, what can you do about it?
Get Apps, Avoid the NSA
Most of the mobile phone users in the developed world now use a smartphone. Since Apple launched the original iPhone in 2007 the market has grown enormously – it is now estimated there are 1.75 billion users around the world.
— Michael Acton (@mracton) May 25, 2015
Unfortunately, smartphones are not very useful without apps – and if you’re a privacy conscious user who finds this latest news deeply disturbing, that’s a problem.
But what can you do?
Thankfully, you’ve got a couple of ways of giving the NSA (and other watchers) the slip. One such method is by side-loading apps, another is by using alternative stores.
Christian wrote a fantastic guide about side-loading APK files back in February. The primary purpose of his article was to avoid geo-restrictions, but the same methods he outlines can be used to give the store a wide berth on your smartphone too. There are browser extensions and third-party sites that can anonymously extract the file from Google Play, then you manually install the APK on your device.
Another option is to use non-Google app stores. There are lots of Google Play alternatives out there – with some of the best being the Amazon Appstore, F-Droid, and Mobogenie. However, keep in mind that if Samsung’s store was reportedly compromised, there is a reasonable chance that some of these alternatives could be compromised as well.
There are a couple of drawbacks to using non-official methods, such as those highlighted in Christian’s article.
Firstly, what you’re doing directly contravenes Google’s Terms of Service. Secondly, and more importantly from a practical perspective, updates might not install correctly.
This can leave you open to security vulnerabilities, and thus defeat the very purpose of what you are aiming to achieve.
A Losing Battle?
It could be argued that you’re fighting a losing battle. It seems like the only fail-safe way to protect yourself against NSA surveillance is to avoid using smartphones altogether.
For most people that’s simply not an option. Instead, you might have to accept that until the NSA is deemed illegal or its practices are seriously revolutionised, you’re just going to be vulnerable.
Do you accept that vulnerability? Perhaps you have some other methods that can scupper the NSA’s prying eyes? Have you found an app store that is guaranteed to be secure?
Let us know your thoughts and comments in the box below.
Image Credits: water tap via Shutterstock